| Abstract:Information system security management is a complex and challenging with the work of traditional information system security management is mainly dependent on the user access control lists and other means, the high cost of its existence, error-prone and other defects which can not fully meet the information security management system requirements. In the information system security management mainly through the introduction of access control model to achieve, by checking whether the entity controls access to objects operating authority has the means to achieve resource management control objectives, and in the access control process and identity authentication, data encryption and other security elements closely together constitute the information system security services architecture. Role-based access control (Role-Based Access Control, RBAC) as a new access control models and techniques, such as the traditional autonomy and mandatory access control model of the expansion and strengthening of the user through the use of role, position, functions of the three establish closer association between the relationship, and in the traditional model based on hierarchical division into roles and role constraints with ideas to reduce the complexity of authorization management, reduce administrative overhead and complexity, thus creating a good policy to adapt to complex security environmentIn this paper, RBAC service-oriented architecture (Service-oriented architecture, SOA) to build the information system application for the study, which study includes access control model theory and information management system security service system analysis, design and implementation, etc.. Methods used in the study on "top-down " strategy of research and analysis, the first will focus on concepts such as access control model conduct research, and in-depth understanding on the RBAC model, and then around the RBAC with service-oriented architecture in theory under the guidance build information systems application form depth analysis. Second, theoretical research on the basis of the results obtained, combined with the actual case scenario safety management system demands flexible use Spring and representational state transfer (Representational State Transfer, Rest) and other techniques for building systems Security Service Architecture design, design includes the overall safety management system design, system design interactive behavior, rights management and process design in three aspects. Finally, the theoretical model based on RBAC security services to build the system architecture applied to a specific information management system security management subsystem, and around the system management demands for access control security management subsystem of the system to achieve elaborate, understand the information management system for security control of different information resources management differences and information management systems used to guide security service system... |
PDF Full Text Request